talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Generate certificates for the aggregation layer.

Browse Source
This commit is contained in:
Tom Alexander
2026-01-09 18:19:34 -05:00
parent c0ace47d95
commit fd1ea9e890
13 changed files with 204 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
nix/kubernetes/keys/package/k8s-ca/package.nix
View File

@@ -10,23 +10,28 @@
{
stdenv,
openssl,
ca_name,
ca_config,
...
}:
stdenv.mkDerivation (finalAttrs: {
name = "k8s-ca";
name = "k8s-ca-${ca_name}";
nativeBuildInputs = [ openssl ];
buildInputs = [ ];
unpackPhase = "true";
installPhase = ''
mkdir -p "$out"
cd "$out"
buildPhase = ''
openssl genrsa -out "${ca_name}-ca.key" 4096
openssl genrsa -out ca.key 4096
openssl req -x509 -new -sha512 -noenc \
-key ca.key -days 3653 \
-config ${./files/ca.conf} \
-out ca.crt
-key "${ca_name}-ca.key" -days 3653 \
-config "${ca_config}" \
-out "${ca_name}-ca.crt"
'';
installPhase = ''
mkdir "$out"
cp "${ca_name}-ca.crt" "${ca_name}-ca.key" $out/
'';
})